[asterisk-scf-commits] asterisk-scf/integration/sip.git branch "auth-corrections" created.
Commits to the Asterisk SCF project code repositories
asterisk-scf-commits at lists.digium.com
Tue Nov 15 18:39:24 CST 2011
branch "auth-corrections" has been created
at 67af305c398f1ad12b626b5f2da01aa336b4e451 (commit)
- Log -----------------------------------------------------------------
commit 67af305c398f1ad12b626b5f2da01aa336b4e451
Author: Mark Michelson <mmichelson at digium.com>
Date: Tue Nov 15 18:39:43 2011 -0600
Move some common code into the AuthManger.
diff --git a/src/AuthManager.cpp b/src/AuthManager.cpp
index d03069c..ec4dd50 100644
--- a/src/AuthManager.cpp
+++ b/src/AuthManager.cpp
@@ -433,6 +433,35 @@ Ice::StringSeq AuthManager::getRealms(pjsip_rx_data *rdata)
return realms;
}
+void AuthManager::getAuthCredentials(pjsip_rx_data *rdata, std::vector<pjsip_cred_info>& creds, const std::string& endpointName)
+{
+ AuthHookSeq hooks = getHooks();
+ for (AuthHookSeq::iterator iter = hooks.begin();
+ iter != hooks.end(); ++iter)
+ {
+ ClientAuthSeq auths;
+ Ice::StringSeq realms = getRealms(rdata);
+
+ HookResult result = (*iter)->respondToChallenge(endpointName, realms, auths);
+ if (result.status == Succeeded)
+ {
+ //Cool. So now we need to update the auth info on mReg
+ for (ClientAuthSeq::iterator authIter = auths.begin();
+ authIter != auths.end(); ++authIter)
+ {
+ pjsip_cred_info info;
+ pj_cstr(&info.realm, authIter->realm.c_str());
+ pj_cstr(&info.scheme, "digest");
+ pj_cstr(&info.username, authIter->username.c_str());
+ pj_cstr(&info.data, authIter->password.c_str());
+ info.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
+ creds.push_back(info);
+ }
+ return;
+ }
+ }
+}
+
void AuthManager::scheduleAuthTimeout(const boost::shared_ptr<AuthInstance> &instance, pj_timer_heap_callback *cb)
{
instance->scheduleAuthTimeout(mImpl->mCounter++, cb);
diff --git a/src/AuthManager.h b/src/AuthManager.h
index 1f799ce..ade0127 100644
--- a/src/AuthManager.h
+++ b/src/AuthManager.h
@@ -145,6 +145,12 @@ public:
*/
Ice::StringSeq getRealms(pjsip_rx_data *rdata);
/**
+ * Call out to registered hooks to get credentials.
+ *
+ * Used when receiving a 401 or 407 response
+ */
+ void getAuthCredentials(pjsip_rx_data *rdata, std::vector<pjsip_cred_info>& creds, const std::string& endpointName);
+ /**
* Schedule the destruction of an AuthInstance
*
* After challenging a requester for authentication information,
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index 5a04ef6..1d81826 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -1223,45 +1223,21 @@ void PJSipSessionModule::handleInviteRejection(pjsip_inv_session* inv,
if (respCode == 401 || respCode == 407)
{
//Aw peas, they be wanting to authenticate, boooooooooiiiiiiiiiii
-
- AuthHookSeq hooks = mAuthManager->getHooks();
- for (AuthHookSeq::iterator iter = hooks.begin();
- iter != hooks.end(); ++iter)
+ std::vector<pjsip_cred_info> creds;
+ mAuthManager->getAuthCredentials(rdata, creds, session->getEndpoint()->getName());
+ if (creds.size() != 0)
{
- ClientAuthSeq auths;
- Ice::StringSeq realms = mAuthManager->getRealms(rdata);
-
- HookResult result = (*iter)->respondToChallenge(session->getEndpoint()->getName(), realms, auths);
- if (result.status == Succeeded)
- {
- std::vector<pjsip_cred_info> creds;
- //Cool. So now we need to update the auth info on mReg
- for (ClientAuthSeq::iterator authIter = auths.begin();
- authIter != auths.end(); ++authIter)
- {
- pjsip_cred_info info;
- pj_cstr(&info.realm, authIter->realm.c_str());
- pj_cstr(&info.scheme, "digest");
- pj_cstr(&info.username, authIter->username.c_str());
- pj_cstr(&info.data, authIter->password.c_str());
- info.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
- creds.push_back(info);
- }
- if (creds.size() != 0)
- {
- pjsip_inv_uac_restart(inv, PJ_FALSE);
- pjsip_auth_clt_set_credentials(&inv->dlg->auth_sess,
- boost::numeric_cast<int>(creds.size()), &creds.front());
- pjsip_tx_data *tdata;
- pjsip_auth_clt_reinit_req(&inv->dlg->auth_sess,
- rdata, tsx->last_tx, &tdata);
- //XXX The actual sending of the message should probably be done as
- //a queued operation.
- pjsip_inv_send_msg(inv, tdata);
- }
- return;
- }
+ pjsip_inv_uac_restart(inv, PJ_FALSE);
+ pjsip_auth_clt_set_credentials(&inv->dlg->auth_sess,
+ boost::numeric_cast<int>(creds.size()), &creds.front());
+ pjsip_tx_data *tdata;
+ pjsip_auth_clt_reinit_req(&inv->dlg->auth_sess,
+ rdata, tsx->last_tx, &tdata);
+ //XXX The actual sending of the message should probably be done as
+ //a queued operation.
+ pjsip_inv_send_msg(inv, tdata);
}
+ return;
}
}
@@ -1495,43 +1471,20 @@ void PJSipSessionModule::handleNonInviteAuthentication(pjsip_inv_session* inv,
{
PJSipSessionModInfo *session_mod_info = (PJSipSessionModInfo*)inv->mod_data[mModule.id];
SipSessionPtr session = session_mod_info->getSessionPtr();
- AuthHookSeq hooks = mAuthManager->getHooks();
- for (AuthHookSeq::iterator iter = hooks.begin();
- iter != hooks.end(); ++iter)
- {
- ClientAuthSeq auths;
- Ice::StringSeq realms = mAuthManager->getRealms(rdata);
-
- HookResult result = (*iter)->respondToChallenge(session->getEndpoint()->getName(), realms, auths);
- if (result.status == Succeeded)
- {
- std::vector<pjsip_cred_info> creds;
- //Cool. So now we need to update the auth info on mReg
- for (ClientAuthSeq::iterator authIter = auths.begin();
- authIter != auths.end(); ++authIter)
- {
- pjsip_cred_info info;
- pj_cstr(&info.realm, authIter->realm.c_str());
- pj_cstr(&info.scheme, "digest");
- pj_cstr(&info.username, authIter->username.c_str());
- pj_cstr(&info.data, authIter->password.c_str());
- info.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
- creds.push_back(info);
- }
- if (creds.size() != 0)
- {
- pjsip_auth_clt_set_credentials(&dlg->auth_sess,
- boost::numeric_cast<int>(creds.size()), &creds.front());
- pjsip_tx_data *tdata;
- pjsip_auth_clt_reinit_req(&dlg->auth_sess,
- rdata, tsx->last_tx, &tdata);
- //XXX The actual sending of the message should probably be done as
- //a queued operation.
- pjsip_dlg_send_request(dlg, tdata, -1, NULL);
- }
- return;
- }
+ std::vector<pjsip_cred_info> creds;
+ mAuthManager->getAuthCredentials(rdata, creds, session->getEndpoint()->getName());
+ if (creds.size() != 0)
+ {
+ pjsip_auth_clt_set_credentials(&dlg->auth_sess,
+ boost::numeric_cast<int>(creds.size()), &creds.front());
+ pjsip_tx_data *tdata;
+ pjsip_auth_clt_reinit_req(&dlg->auth_sess,
+ rdata, tsx->last_tx, &tdata);
+ //XXX The actual sending of the message should probably be done as
+ //a queued operation.
+ pjsip_dlg_send_request(dlg, tdata, -1, NULL);
}
+ return;
}
void PJSipSessionModule::invOnTsxStateChanged(pjsip_inv_session *inv, pjsip_transaction *tsx, pjsip_event *e)
commit 01875837a0d54f89089c83311c14c1f0b90f7b14
Author: Mark Michelson <mmichelson at digium.com>
Date: Tue Nov 15 18:15:25 2011 -0600
Add authentication response for in-dialog stuff.
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index 4e7afe1..5a04ef6 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -1490,6 +1490,49 @@ void PJSipSessionModule::invOnNewSession(pjsip_inv_session*, pjsip_event*)
{
//stub
}
+void PJSipSessionModule::handleNonInviteAuthentication(pjsip_inv_session* inv,
+ pjsip_rx_data* rdata, pjsip_dialog* dlg, pjsip_transaction *tsx)
+{
+ PJSipSessionModInfo *session_mod_info = (PJSipSessionModInfo*)inv->mod_data[mModule.id];
+ SipSessionPtr session = session_mod_info->getSessionPtr();
+ AuthHookSeq hooks = mAuthManager->getHooks();
+ for (AuthHookSeq::iterator iter = hooks.begin();
+ iter != hooks.end(); ++iter)
+ {
+ ClientAuthSeq auths;
+ Ice::StringSeq realms = mAuthManager->getRealms(rdata);
+
+ HookResult result = (*iter)->respondToChallenge(session->getEndpoint()->getName(), realms, auths);
+ if (result.status == Succeeded)
+ {
+ std::vector<pjsip_cred_info> creds;
+ //Cool. So now we need to update the auth info on mReg
+ for (ClientAuthSeq::iterator authIter = auths.begin();
+ authIter != auths.end(); ++authIter)
+ {
+ pjsip_cred_info info;
+ pj_cstr(&info.realm, authIter->realm.c_str());
+ pj_cstr(&info.scheme, "digest");
+ pj_cstr(&info.username, authIter->username.c_str());
+ pj_cstr(&info.data, authIter->password.c_str());
+ info.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
+ creds.push_back(info);
+ }
+ if (creds.size() != 0)
+ {
+ pjsip_auth_clt_set_credentials(&dlg->auth_sess,
+ boost::numeric_cast<int>(creds.size()), &creds.front());
+ pjsip_tx_data *tdata;
+ pjsip_auth_clt_reinit_req(&dlg->auth_sess,
+ rdata, tsx->last_tx, &tdata);
+ //XXX The actual sending of the message should probably be done as
+ //a queued operation.
+ pjsip_dlg_send_request(dlg, tdata, -1, NULL);
+ }
+ return;
+ }
+ }
+}
void PJSipSessionModule::invOnTsxStateChanged(pjsip_inv_session *inv, pjsip_transaction *tsx, pjsip_event *e)
{
@@ -1498,7 +1541,7 @@ void PJSipSessionModule::invOnTsxStateChanged(pjsip_inv_session *inv, pjsip_tran
int respCode = e->body.tsx_state.src.rdata->msg_info.msg->line.status.code;
if (respCode == 401 || respCode == 407)
{
- //We need to authenticate. This is for non-INVITE transactions.
+ handleNonInviteAuthentication(inv, e->body.tsx_state.src.rdata, pjsip_tsx_get_dlg(tsx), tsx);
}
}
diff --git a/src/PJSipSessionModule.h b/src/PJSipSessionModule.h
index 74621be..59e840a 100644
--- a/src/PJSipSessionModule.h
+++ b/src/PJSipSessionModule.h
@@ -142,6 +142,7 @@ private:
void handleNewInvite(pjsip_rx_data *rdata);
void handleInviteResponse(pjsip_inv_session *inv, pjsip_rx_data *rdata, pjsip_dialog *dlg);
void handleInviteRejection(pjsip_inv_session *inv, pjsip_rx_data *rdata, pjsip_transaction *tsx);
+ void handleNonInviteAuthentication(pjsip_inv_session *inv, pjsip_rx_data *rdata, pjsip_dialog *dlg, pjsip_transaction *tsx);
void handleRefer(pjsip_inv_session *inv, pjsip_rx_data *rdata);
void handleInfo(pjsip_inv_session *inv, pjsip_rx_data *rdata);
bool isDTMF(pjsip_rx_data *rdata);
commit 1a9c552d54bbabefed475aa78937ccacc812ef1d
Author: Mark Michelson <mmichelson at digium.com>
Date: Tue Nov 15 17:38:35 2011 -0600
Change the name of the authenticate() method and remove some extra debugging cruft.
diff --git a/src/AuthManager.cpp b/src/AuthManager.cpp
index e5a3e90..d03069c 100644
--- a/src/AuthManager.cpp
+++ b/src/AuthManager.cpp
@@ -354,7 +354,7 @@ boost::shared_ptr<AuthInstance> AuthManager::createAuthInstance(pjsip_rx_data *r
return instance;
}
-bool AuthManager::authenticate(pjsip_rx_data *rdata)
+bool AuthManager::authenticateRequest(pjsip_rx_data *rdata)
{
const std::string fromTag(pj_strbuf(&rdata->msg_info.from->tag),
pj_strlen(&rdata->msg_info.from->tag));
diff --git a/src/AuthManager.h b/src/AuthManager.h
index 54fc98c..1f799ce 100644
--- a/src/AuthManager.h
+++ b/src/AuthManager.h
@@ -129,7 +129,7 @@ public:
* up the extension point for authentication and not to actually
* authenticate, this doesn't actually do anything useful.
*/
- bool authenticate(pjsip_rx_data *rdata);
+ bool authenticateRequest(pjsip_rx_data *rdata);
/**
* Create a new AuthInstance
*
diff --git a/src/PJSipRegistrarModule.cpp b/src/PJSipRegistrarModule.cpp
index 5da604a..b7193c6 100644
--- a/src/PJSipRegistrarModule.cpp
+++ b/src/PJSipRegistrarModule.cpp
@@ -706,7 +706,7 @@ private:
bool PJSipRegistrarModule::checkAuth(pjsip_rx_data *rdata, pjsip_transaction *tsx, RequestType type)
{
//First, let's see if this message has some auth that we know about.
- if (mAuthManager->authenticate(rdata) == true)
+ if (mAuthManager->authenticateRequest(rdata) == true)
{
//Oh yeah! Authentication succeeded!
return false;
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index 6321878..4e7afe1 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -339,7 +339,7 @@ pj_status_t PJSipSessionModule::unload()
bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, RequestInfoPtr& info, RequestType type)
{
//First, let's see if this message has some auth that we know about.
- if (mAuthManager->authenticate(rdata) == true)
+ if (mAuthManager->authenticateRequest(rdata) == true)
{
//Oh yeah! Authentication succeeded!
return false;
@@ -1169,10 +1169,6 @@ protected:
}
}
}
- else if (mRespCode == 401 || mRespCode == 407)
- {
- lg(Notice) << "!!!!!!!!! OH SNAP GOT A 401 or 407 !!!!!!!!";
- }
return Complete;
}
@@ -1228,10 +1224,7 @@ void PJSipSessionModule::handleInviteRejection(pjsip_inv_session* inv,
{
//Aw peas, they be wanting to authenticate, boooooooooiiiiiiiiiii
- //What do we need to do?
- //1. Get the registered hooks...
AuthHookSeq hooks = mAuthManager->getHooks();
- //2. Call out and get authentication information.
for (AuthHookSeq::iterator iter = hooks.begin();
iter != hooks.end(); ++iter)
{
@@ -1262,9 +1255,6 @@ void PJSipSessionModule::handleInviteRejection(pjsip_inv_session* inv,
pjsip_tx_data *tdata;
pjsip_auth_clt_reinit_req(&inv->dlg->auth_sess,
rdata, tsx->last_tx, &tdata);
- //XXX I'm not sure if I need to be adding an SDP offer here since
- //I called pjsip_inv_uac_restart() above...
- //
//XXX The actual sending of the message should probably be done as
//a queued operation.
pjsip_inv_send_msg(inv, tdata);
@@ -1272,15 +1262,6 @@ void PJSipSessionModule::handleInviteRejection(pjsip_inv_session* inv,
return;
}
}
- //
- //to normal
- //4. Send an ACK
- //5. Set credentials on the inv_session
- //6. Re-send the INVITE with credentials.
- //
- //We need to call out to any registered extension points. This will at the
- //very least allow for us to figure out if we can authenticate.
-
}
}
@@ -1512,6 +1493,15 @@ void PJSipSessionModule::invOnNewSession(pjsip_inv_session*, pjsip_event*)
void PJSipSessionModule::invOnTsxStateChanged(pjsip_inv_session *inv, pjsip_transaction *tsx, pjsip_event *e)
{
+ if (tsx->role == PJSIP_ROLE_UAC && tsx->state == PJSIP_TSX_STATE_COMPLETED)
+ {
+ int respCode = e->body.tsx_state.src.rdata->msg_info.msg->line.status.code;
+ if (respCode == 401 || respCode == 407)
+ {
+ //We need to authenticate. This is for non-INVITE transactions.
+ }
+ }
+
if (tsx->role == PJSIP_ROLE_UAS && tsx->state == PJSIP_TSX_STATE_TRYING &&
!pjsip_method_cmp(&tsx->method, pjsip_get_refer_method()))
{
commit 3c06c6776daf1595e29e7591a412cfd38c82febd
Author: Mark Michelson <mmichelson at digium.com>
Date: Tue Nov 15 15:09:12 2011 -0600
Properly send credentials when challenged on an INVITE.
diff --git a/src/AuthManager.cpp b/src/AuthManager.cpp
index 899d346..e5a3e90 100644
--- a/src/AuthManager.cpp
+++ b/src/AuthManager.cpp
@@ -138,7 +138,7 @@ AuthInstance::AuthInstance(pjsip_rx_data *rdata, const moduleHookVector &hooks,
RequestType type, pjsip_endpoint *endpoint, const Logger &logger)
: mImpl(new AuthInstancePriv(rdata, hooks, type, endpoint, logger)) { }
-std::vector<AuthHookPrx> AuthInstance::getHooks()
+AuthHookSeq AuthInstance::getHooks()
{
return mImpl->hooks;
}
@@ -409,6 +409,30 @@ void AuthManager::destroyAuthInstance(const AuthInstance* instance)
}
}
+Ice::StringSeq AuthManager::getRealms(pjsip_rx_data *rdata)
+{
+ Ice::StringSeq realms;
+
+ pjsip_proxy_authenticate_hdr *authHeader = (pjsip_proxy_authenticate_hdr*) &rdata->msg_info.msg->hdr;
+
+ while ((authHeader = (pjsip_proxy_authenticate_hdr*) pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_WWW_AUTHENTICATE, authHeader->next)))
+ {
+ std::string realm(pj_strbuf(&authHeader->challenge.digest.realm), pj_strlen(&authHeader->challenge.digest.realm));
+ mImpl->mLogger(Debug) << "Found the realm " << realm;
+ realms.push_back(realm);
+ }
+
+ authHeader = (pjsip_proxy_authenticate_hdr*) &rdata->msg_info.msg->hdr;
+
+ while ((authHeader = (pjsip_proxy_authenticate_hdr*) pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_PROXY_AUTHENTICATE, authHeader->next)))
+ {
+ std::string realm(pj_strbuf(&authHeader->challenge.digest.realm), pj_strlen(&authHeader->challenge.digest.realm));
+ realms.push_back(realm);
+ }
+
+ return realms;
+}
+
void AuthManager::scheduleAuthTimeout(const boost::shared_ptr<AuthInstance> &instance, pj_timer_heap_callback *cb)
{
instance->scheduleAuthTimeout(mImpl->mCounter++, cb);
@@ -448,5 +472,17 @@ void AuthManager::clearAuthHooks()
mImpl->mRegisteredHooks.clear();
}
+AuthHookSeq AuthManager::getHooks()
+{
+ boost::lock_guard<boost::mutex> lock(mImpl->mHooksLock);
+ AuthHookSeq retSeq;
+ for (moduleHookVector::iterator iter = mImpl->mRegisteredHooks.begin();
+ iter != mImpl->mRegisteredHooks.end(); ++ iter)
+ {
+ retSeq.push_back((*iter)->mHook);
+ }
+ return retSeq;
+}
+
};
};
diff --git a/src/AuthManager.h b/src/AuthManager.h
index d6d84cf..54fc98c 100644
--- a/src/AuthManager.h
+++ b/src/AuthManager.h
@@ -53,7 +53,7 @@ public:
* service. This is a helper function to get the distilled
* list of hooks.
*/
- std::vector<AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx> getHooks();
+ AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookSeq getHooks();
/**
* This function is a convenience function to fill in the common
@@ -141,6 +141,10 @@ public:
*/
boost::shared_ptr<AuthInstance> createAuthInstance(pjsip_rx_data *rdata, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
/**
+ * Get the realms from an authentication challenge
+ */
+ Ice::StringSeq getRealms(pjsip_rx_data *rdata);
+ /**
* Schedule the destruction of an AuthInstance
*
* After challenging a requester for authentication information,
@@ -180,6 +184,11 @@ public:
*/
void clearAuthHooks();
+ /**
+ * Get all registered hooks
+ */
+ AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookSeq getHooks();
+
private:
boost::shared_ptr<AuthManagerPriv> mImpl;
};
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index d86d76a..6321878 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -26,6 +26,7 @@
#include <IceUtil/UUID.h>
#include <boost/lexical_cast.hpp>
+#include <boost/numeric/conversion/cast.hpp>
#include <AsteriskSCF/Core/Endpoint/EndpointIf.h>
#include <AsteriskSCF/Core/Routing/RoutingIf.h>
@@ -215,78 +216,78 @@ void PJSipSessionModule::replicateState(PJSipDialogModInfo *dlgInfo, PJSipTransa
SipStateItemSeq setItems;
Ice::StringSeq removeItems;
- lg(Debug) << "========== Begin State Replication Dump ==========";
+ lg(Trace) << "========== Begin State Replication Dump ==========";
if (dlgInfo)
{
- lg(Debug) << "--- Begin Dialog " << dlgInfo->mDialogState->key;
- lg(Debug) << "Callid: " << dlgInfo->mDialogState->callId;
- lg(Debug) << "Is Dialog Established: " << dlgInfo->mDialogState->isDialogEstablished;
- lg(Debug) << "Is Secure: " << dlgInfo->mDialogState->isSecure;
- lg(Debug) << "Local CSeq: " << dlgInfo->mDialogState->localCSeq;
- lg(Debug) << "Local URI: " << dlgInfo->mDialogState->localUri;
- lg(Debug) << "Local tag: " << dlgInfo->mDialogState->localTag;
- lg(Debug) << "Remote CSeq: " << dlgInfo->mDialogState->remoteCSeq;
- lg(Debug) << "Remote URI: " << dlgInfo->mDialogState->remoteUri;
- lg(Debug) << "Remote tag: " << dlgInfo->mDialogState->remoteTag;
- lg(Debug) << "Transport: " << dlgInfo->mDialogState->transport;
- lg(Debug) << "UAC Has 2xx: " << dlgInfo->mDialogState->uacHas2xx;
- lg(Debug) << "Is Uac: " << dlgInfo->mDialogState->isUac;
+ lg(Trace) << "--- Begin Dialog " << dlgInfo->mDialogState->key;
+ lg(Trace) << "Callid: " << dlgInfo->mDialogState->callId;
+ lg(Trace) << "Is Dialog Established: " << dlgInfo->mDialogState->isDialogEstablished;
+ lg(Trace) << "Is Secure: " << dlgInfo->mDialogState->isSecure;
+ lg(Trace) << "Local CSeq: " << dlgInfo->mDialogState->localCSeq;
+ lg(Trace) << "Local URI: " << dlgInfo->mDialogState->localUri;
+ lg(Trace) << "Local tag: " << dlgInfo->mDialogState->localTag;
+ lg(Trace) << "Remote CSeq: " << dlgInfo->mDialogState->remoteCSeq;
+ lg(Trace) << "Remote URI: " << dlgInfo->mDialogState->remoteUri;
+ lg(Trace) << "Remote tag: " << dlgInfo->mDialogState->remoteTag;
+ lg(Trace) << "Transport: " << dlgInfo->mDialogState->transport;
+ lg(Trace) << "UAC Has 2xx: " << dlgInfo->mDialogState->uacHas2xx;
+ lg(Trace) << "Is Uac: " << dlgInfo->mDialogState->isUac;
if (dlgInfo->mPending == true)
{
- lg(Debug) << "Dialog is in pending state, not replicating";
+ lg(Trace) << "Dialog is in pending state, not replicating";
}
else if (dlgInfo->mNeedsRemoval == true)
{
- lg(Debug) << "Removing dialog";
+ lg(Trace) << "Removing dialog";
removeItems.push_back(dlgInfo->mDialogState->key);
}
else if (dlgInfo->mNeedsReplication == true)
{
- lg(Debug) << "Replicating dialog";
+ lg(Trace) << "Replicating dialog";
setItems.push_back(dlgInfo->mDialogState);
dlgInfo->mNeedsReplication = false;
}
- lg(Debug) << "--- End Dialog " << dlgInfo->mDialogState->key;
+ lg(Trace) << "--- End Dialog " << dlgInfo->mDialogState->key;
}
if (sessionInfo)
{
boost::shared_lock<boost::shared_mutex> lock(sessionInfo->mLock);
- lg(Debug) << "--- Begin Session " << sessionInfo->mSessionState->key;
- lg(Debug) << "Endpoint name: " << sessionInfo->mSessionState->endpointName;
- lg(Debug) << "Session object identity: " << sessionInfo->mSessionState->sessionObjectId.name;
- lg(Debug) << "Media session object identity: " << sessionInfo->mSessionState->mediaSessionObjectId.name;
+ lg(Trace) << "--- Begin Session " << sessionInfo->mSessionState->key;
+ lg(Trace) << "Endpoint name: " << sessionInfo->mSessionState->endpointName;
+ lg(Trace) << "Session object identity: " << sessionInfo->mSessionState->sessionObjectId.name;
+ lg(Trace) << "Media session object identity: " << sessionInfo->mSessionState->mediaSessionObjectId.name;
for (RTPMediaSessionDict::const_iterator mediaSession = sessionInfo->mSessionState->rtpMediaSessions.begin();
mediaSession != sessionInfo->mSessionState->rtpMediaSessions.end();
++mediaSession)
{
- lg(Debug) << "Media session: " << mediaSession->second;
+ lg(Trace) << "Media session: " << mediaSession->second;
}
- lg(Debug) << "Bridge: " << sessionInfo->mSessionState->bridge;
- lg(Debug) << "--- Begin Invite Session " << sessionInfo->mInviteState->key;
- lg(Debug) << "Current state: " << sessionInfo->mInviteState->currentState;
- lg(Debug) << "Cancelling: " << sessionInfo->mInviteState->cancelling;
- lg(Debug) << "Pending cancel: " << sessionInfo->mInviteState->pendingCancel;
- lg(Debug) << "Cause: " << sessionInfo->mInviteState->cause;
- lg(Debug) << "Cause text: " << sessionInfo->mInviteState->causeText;
- lg(Debug) << "Notify: " << sessionInfo->mInviteState->notify;
- lg(Debug) << "Last Ack CSeq: " << sessionInfo->mInviteState->lastAckCseq;
+ lg(Trace) << "Bridge: " << sessionInfo->mSessionState->bridge;
+ lg(Trace) << "--- Begin Invite Session " << sessionInfo->mInviteState->key;
+ lg(Trace) << "Current state: " << sessionInfo->mInviteState->currentState;
+ lg(Trace) << "Cancelling: " << sessionInfo->mInviteState->cancelling;
+ lg(Trace) << "Pending cancel: " << sessionInfo->mInviteState->pendingCancel;
+ lg(Trace) << "Cause: " << sessionInfo->mInviteState->cause;
+ lg(Trace) << "Cause text: " << sessionInfo->mInviteState->causeText;
+ lg(Trace) << "Notify: " << sessionInfo->mInviteState->notify;
+ lg(Trace) << "Last Ack CSeq: " << sessionInfo->mInviteState->lastAckCseq;
if (sessionInfo->mNeedsRemoval == true)
{
removeItems.push_back(sessionInfo->mInviteState->key);
removeItems.push_back(sessionInfo->mSessionState->key);
- lg(Debug) << "Removing session and invite session";
+ lg(Trace) << "Removing session and invite session";
}
else if (sessionInfo->mNeedsReplication == true)
{
setItems.push_back(sessionInfo->mInviteState);
setItems.insert(setItems.begin(), sessionInfo->mSessionState);
sessionInfo->mNeedsReplication = false;
- lg(Debug) << "Replicating session and invite session";
+ lg(Trace) << "Replicating session and invite session";
}
- lg(Debug) << "--- End Session and Invite Session";
+ lg(Trace) << "--- End Session and Invite Session";
}
if (tsxInfo)
{
@@ -300,7 +301,7 @@ void PJSipSessionModule::replicateState(PJSipDialogModInfo *dlgInfo, PJSipTransa
tsxInfo->mNeedsReplication = false;
}
}
- lg(Debug) << "========== End State Replication Dump ==========";
+ lg(Trace) << "========== End State Replication Dump ==========";
if (mReplicationContext->isReplicating() == true)
{
if (setItems.size() != 0)
@@ -346,7 +347,7 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
boost::shared_ptr<AuthInstance> authInstance(mAuthManager->createAuthInstance(rdata, type));
- std::vector<AuthHookPrx> hooks = authInstance->getHooks();
+ AuthHookSeq hooks = authInstance->getHooks();
if (hooks.empty())
{
return false;
@@ -361,7 +362,7 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
//For instance, in this case, we create the outgoing message using the inv_session,
//whereas other PJSIP modules will either access the base dialog directly
//or have a different layer of indirection instead of the inv_session.
- for (std::vector<AuthHookPrx>::iterator iter = hooks.begin(); iter != hooks.end(); ++iter)
+ for (AuthHookSeq::iterator iter = hooks.begin(); iter != hooks.end(); ++iter)
{
DigestChallengeSeq digests;
HookResult result;
@@ -1168,6 +1169,10 @@ protected:
}
}
}
+ else if (mRespCode == 401 || mRespCode == 407)
+ {
+ lg(Notice) << "!!!!!!!!! OH SNAP GOT A 401 or 407 !!!!!!!!";
+ }
return Complete;
}
@@ -1210,6 +1215,75 @@ void PJSipSessionModule::handleInviteResponse(pjsip_inv_session* inv,
enqueueSessionWork(new HandleInviteResponseOperation(respCode, inv->state, session), inv);
}
+//There are some rejection codes that we can actually do something with other than
+//just kill the code.
+void PJSipSessionModule::handleInviteRejection(pjsip_inv_session* inv,
+ pjsip_rx_data* rdata, pjsip_transaction* tsx)
+{
+ int respCode = rdata->msg_info.msg->line.status.code;
+ PJSipSessionModInfo *session_mod_info = (PJSipSessionModInfo*)inv->mod_data[mModule.id];
+ SipSessionPtr session = session_mod_info->getSessionPtr();
+
+ if (respCode == 401 || respCode == 407)
+ {
+ //Aw peas, they be wanting to authenticate, boooooooooiiiiiiiiiii
+
+ //What do we need to do?
+ //1. Get the registered hooks...
+ AuthHookSeq hooks = mAuthManager->getHooks();
+ //2. Call out and get authentication information.
+ for (AuthHookSeq::iterator iter = hooks.begin();
+ iter != hooks.end(); ++iter)
+ {
+ ClientAuthSeq auths;
+ Ice::StringSeq realms = mAuthManager->getRealms(rdata);
+
+ HookResult result = (*iter)->respondToChallenge(session->getEndpoint()->getName(), realms, auths);
+ if (result.status == Succeeded)
+ {
+ std::vector<pjsip_cred_info> creds;
+ //Cool. So now we need to update the auth info on mReg
+ for (ClientAuthSeq::iterator authIter = auths.begin();
+ authIter != auths.end(); ++authIter)
+ {
+ pjsip_cred_info info;
+ pj_cstr(&info.realm, authIter->realm.c_str());
+ pj_cstr(&info.scheme, "digest");
+ pj_cstr(&info.username, authIter->username.c_str());
+ pj_cstr(&info.data, authIter->password.c_str());
+ info.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
+ creds.push_back(info);
+ }
+ if (creds.size() != 0)
+ {
+ pjsip_inv_uac_restart(inv, PJ_FALSE);
+ pjsip_auth_clt_set_credentials(&inv->dlg->auth_sess,
+ boost::numeric_cast<int>(creds.size()), &creds.front());
+ pjsip_tx_data *tdata;
+ pjsip_auth_clt_reinit_req(&inv->dlg->auth_sess,
+ rdata, tsx->last_tx, &tdata);
+ //XXX I'm not sure if I need to be adding an SDP offer here since
+ //I called pjsip_inv_uac_restart() above...
+ //
+ //XXX The actual sending of the message should probably be done as
+ //a queued operation.
+ pjsip_inv_send_msg(inv, tdata);
+ }
+ return;
+ }
+ }
+ //
+ //to normal
+ //4. Send an ACK
+ //5. Set credentials on the inv_session
+ //6. Re-send the INVITE with credentials.
+ //
+ //We need to call out to any registered extension points. This will at the
+ //very least allow for us to figure out if we can authenticate.
+
+ }
+}
+
class TransactionStateOperation : public SipQueueableOperation
{
public:
@@ -1391,12 +1465,17 @@ private:
void PJSipSessionModule::invOnStateChanged(pjsip_inv_session *inv, pjsip_event *event)
{
- if ((inv->state == PJSIP_INV_STATE_EARLY || inv->state == PJSIP_INV_STATE_CONNECTING) &&
- event->type == PJSIP_EVENT_TSX_STATE &&
- inv->role == PJSIP_ROLE_UAC)
+ if (event->type == PJSIP_EVENT_TSX_STATE && inv->role == PJSIP_ROLE_UAC)
{
- //Received a 1XX or 2XX message in response to our initial outgoing INVITE.
- handleInviteResponse(inv, event->body.tsx_state.src.rdata, inv->dlg);
+ if (inv->state == PJSIP_INV_STATE_EARLY || inv->state == PJSIP_INV_STATE_CONNECTING)
+ {
+ //Received a 1XX or 2XX message in response to our initial outgoing INVITE.
+ handleInviteResponse(inv, event->body.tsx_state.src.rdata, inv->dlg);
+ }
+ else if (inv->state == PJSIP_INV_STATE_DISCONNECTED)
+ {
+ handleInviteRejection(inv, event->body.tsx_state.src.rdata, event->body.tsx_state.tsx);
+ }
}
std::string branch;
if (event->type == PJSIP_EVENT_RX_MSG)
@@ -1446,6 +1525,7 @@ void PJSipSessionModule::invOnTsxStateChanged(pjsip_inv_session *inv, pjsip_tran
{
handleInfo(inv, e->body.tsx_state.src.rdata);
}
+
//This will be our key point for updating transaction state. This function will not be called until after a module
//has registered itself as the transaction user, so this won't be called on the initial INVITE we receive.
//
diff --git a/src/PJSipSessionModule.h b/src/PJSipSessionModule.h
index f506487..74621be 100644
--- a/src/PJSipSessionModule.h
+++ b/src/PJSipSessionModule.h
@@ -141,6 +141,7 @@ public:
private:
void handleNewInvite(pjsip_rx_data *rdata);
void handleInviteResponse(pjsip_inv_session *inv, pjsip_rx_data *rdata, pjsip_dialog *dlg);
+ void handleInviteRejection(pjsip_inv_session *inv, pjsip_rx_data *rdata, pjsip_transaction *tsx);
void handleRefer(pjsip_inv_session *inv, pjsip_rx_data *rdata);
void handleInfo(pjsip_inv_session *inv, pjsip_rx_data *rdata);
bool isDTMF(pjsip_rx_data *rdata);
commit 83551dc94f1d5a0a8967290c60c65e72b99d101f
Author: Mark Michelson <mmichelson at digium.com>
Date: Mon Nov 14 11:38:30 2011 -0600
Allow for challenging in-dialog requests in a SIP session.
diff --git a/src/PJSipRegistrarModule.cpp b/src/PJSipRegistrarModule.cpp
index 268ffc2..5da604a 100644
--- a/src/PJSipRegistrarModule.cpp
+++ b/src/PJSipRegistrarModule.cpp
@@ -781,11 +781,6 @@ pj_bool_t PJSipRegistrarModule::on_rx_request(pjsip_rx_data *rdata)
pjsip_tsx_create_uas(&mModule, rdata, &tsx);
pjsip_tsx_recv_msg(tsx, rdata);
- // We need to determine if the REGISTER should be authenticated.
- // This should be nearly exactly the same as the session module's
- // procedure. For now, leave this out since auth work has not been
- // merged to master.
-
if (checkAuth(rdata, tsx, NonDialog))
{
return PJ_TRUE;
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index 7cb434f..d86d76a 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -335,7 +335,7 @@ pj_status_t PJSipSessionModule::unload()
return PJ_SUCCESS;
}
-bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, RequestType type)
+bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, RequestInfoPtr& info, RequestType type)
{
//First, let's see if this message has some auth that we know about.
if (mAuthManager->authenticate(rdata) == true)
@@ -352,7 +352,6 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
return false;
}
- RequestInfoPtr info(new InviteRequestInfo);
authInstance->fillInRequestInfo(rdata, info);
//We have our RequestInfo created. Now start calling out to any registered hooks
@@ -642,7 +641,8 @@ void PJSipSessionModule::handleNewInvite(pjsip_rx_data *rdata)
pjsip_inv_terminate(inv_session, 500, PJ_FALSE);
}
- bool authSent = checkAuth(rdata, inv_session, DialogEstablishing);
+ RequestInfoPtr requestInfo(new InviteRequestInfo);
+ bool authSent = checkAuth(rdata, inv_session, requestInfo, DialogEstablishing);
// This means we sent a 401 to the requester,
// so no need to go any further
@@ -696,6 +696,13 @@ void PJSipSessionModule::handleNewInvite(pjsip_rx_data *rdata)
void PJSipSessionModule::handleRefer(pjsip_inv_session *inv, pjsip_rx_data *rdata)
{
+ //First things first, let's do the auth dance
+ RequestInfoPtr requestInfo(new ReferRequestInfo);
+ if (checkAuth(rdata, inv, requestInfo, InDialog))
+ {
+ return;
+ }
+
//rdata structures are not safe to shallow copy to a queuable operation. Get
//what we need out of it.
const pj_str_t str_refer_to = { (char*)"Refer-To", 8 };
@@ -953,6 +960,12 @@ int PJSipSessionModule::getDTMFInfoDuration(pjsip_msg_body *body)
void PJSipSessionModule::handleInfo(pjsip_inv_session *inv, pjsip_rx_data *rdata)
{
+ //AUTH AUTH AUTH AUTH AUTH AUTH AUTH AUTH
+ RequestInfoPtr requestInfo(new InfoRequestInfo);
+ if (checkAuth(rdata, inv, requestInfo, InDialog))
+ {
+ return;
+ }
//Before we do anything, we need to figure out if we should even be handling this
//at all. If we don't have a telephony event source to handle this, then just
diff --git a/src/PJSipSessionModule.h b/src/PJSipSessionModule.h
index 9305f0f..f506487 100644
--- a/src/PJSipSessionModule.h
+++ b/src/PJSipSessionModule.h
@@ -146,7 +146,7 @@ private:
bool isDTMF(pjsip_rx_data *rdata);
char getDTMFInfoSignal(pjsip_msg_body *body);
int getDTMFInfoDuration(pjsip_msg_body *body);
- bool checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
+ bool checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, AsteriskSCF::SIP::ExtensionPoint::V1::RequestInfoPtr&, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
void getURIParams(pjsip_uri *uri, AsteriskSCF::SIP::ExtensionPoint::V1::ParamDict ¶ms);
void createAuthManager(pjsip_endpoint *endpt);
pjsip_inv_callback mInvCallback;
commit ff24318d201429b0f2dc4226dee7424baf5e0bce
Author: Mark Michelson <mmichelson at digium.com>
Date: Thu Oct 27 15:28:47 2011 -0500
Add Auth challengings to the Registrar.
diff --git a/src/AuthManager.cpp b/src/AuthManager.cpp
index 0bd0d15..899d346 100644
--- a/src/AuthManager.cpp
+++ b/src/AuthManager.cpp
@@ -171,10 +171,10 @@ bool AuthInstance::authenticate(pjsip_rx_data *rdata)
static const int AuthTimeoutSeconds = 60;
-void AuthInstance::scheduleAuthTimeout(int id)
+void AuthInstance::scheduleAuthTimeout(int id, pj_timer_heap_callback *cb)
{
const pj_time_val time = {AuthTimeoutSeconds, 0};
- pj_timer_entry_init(&mImpl->entry, id, this, sessionAuthTimeout);
+ pj_timer_entry_init(&mImpl->entry, id, this, cb);
pjsip_endpt_schedule_timer(mImpl->mEndpoint, &mImpl->entry, &time);
}
@@ -409,9 +409,9 @@ void AuthManager::destroyAuthInstance(const AuthInstance* instance)
}
}
-void AuthManager::scheduleAuthTimeout(const boost::shared_ptr<AuthInstance> &instance)
+void AuthManager::scheduleAuthTimeout(const boost::shared_ptr<AuthInstance> &instance, pj_timer_heap_callback *cb)
{
- instance->scheduleAuthTimeout(mImpl->mCounter++);
+ instance->scheduleAuthTimeout(mImpl->mCounter++, cb);
}
void AuthManager::authTimeout(pj_timer_heap_t *, pj_timer_entry *entry)
diff --git a/src/AuthManager.h b/src/AuthManager.h
index 96884ae..d6d84cf 100644
--- a/src/AuthManager.h
+++ b/src/AuthManager.h
@@ -82,7 +82,7 @@ public:
* so that the id parameter can be guaranteed to be unique per
* AuthInstance.
*/
- void scheduleAuthTimeout(int id);
+ void scheduleAuthTimeout(int id, pj_timer_heap_callback *cb);
/**
* Cancel the current scheduled auth timeout task on the AuthInstance.
@@ -148,7 +148,7 @@ public:
* the requester does not attempt to authenticate or never succeeds
* in authenticating, the AuthInstance will eventually be destroyed.
*/
- void scheduleAuthTimeout(const boost::shared_ptr<AuthInstance> &instance);
+ void scheduleAuthTimeout(const boost::shared_ptr<AuthInstance> &instance, pj_timer_heap_callback *cb);
/**
* Destroy an AuthInstance
*
diff --git a/src/PJSipRegistrarModule.cpp b/src/PJSipRegistrarModule.cpp
index d3eae84..268ffc2 100644
--- a/src/PJSipRegistrarModule.cpp
+++ b/src/PJSipRegistrarModule.cpp
@@ -28,6 +28,8 @@
using namespace AsteriskSCF::SIP::Registration::V1;
using namespace AsteriskSCF::System::Logging;
using namespace AsteriskSCF::System::WorkQueue::V1;
+using namespace AsteriskSCF::System::Hook::V1;
+using namespace AsteriskSCF::SIP::ExtensionPoint::V1;
namespace
{
@@ -701,6 +703,71 @@ private:
pjsip_tx_data *mTdata;
};
+bool PJSipRegistrarModule::checkAuth(pjsip_rx_data *rdata, pjsip_transaction *tsx, RequestType type)
+{
+ //First, let's see if this message has some auth that we know about.
+ if (mAuthManager->authenticate(rdata) == true)
+ {
+ //Oh yeah! Authentication succeeded!
+ return false;
+ }
+
+ boost::shared_ptr<AuthInstance> authInstance(mAuthManager->createAuthInstance(rdata, type));
+
+ std::vector<AuthHookPrx> hooks = authInstance->getHooks();
+ if (hooks.empty())
+ {
+ return false;
+ }
+
+ RequestInfoPtr info(new RegisterRequestInfo);
+ authInstance->fillInRequestInfo(rdata, info);
+
+ //We have our RequestInfo created. Now start calling out to any registered hooks
+ //
+ //XXX While this seems like something that could be taken care of in either the
+ //AuthInstance or AuthManager class, there are some specific issues with this.
+ //For instance, in this case, we create the outgoing message using the inv_session,
+ //whereas other PJSIP modules will either access the base dialog directly
+ //or have a different layer of indirection instead of the inv_session.
+ for (std::vector<AuthHookPrx>::iterator iter = hooks.begin(); iter != hooks.end(); ++iter)
+ {
+ DigestChallengeSeq digests;
+ HookResult result;
+ result = (*iter)->challengeRequest(info, digests);
+ if (result.status == Failed)
+ {
+ lg(Error) << "SIP Authentication hook reported a failure: " << result.info;
+ }
+ else if (result.status == Succeeded)
+ {
+ if (digests.empty())
+ {
+ //Hook says not to challenge. This AuthInstance
+ //is deader than dead.
+ mAuthManager->destroyAuthInstance(authInstance);
+ return false;
+ }
+
+ pjsip_tx_data *tdata;
+ pjsip_endpt_create_response(tsx->endpt, rdata, 401, NULL, &tdata);
+
+ authInstance->addDigests(tdata, digests);
+
+ pjsip_tsx_send_msg(tsx, tdata);
+
+ mAuthManager->scheduleAuthTimeout(authInstance, registrarAuthTimeout);
+ return true;
+ }
+ }
+ return false;
+}
+
+void PJSipRegistrarModule::authTimeout(pj_timer_heap_t *timer_heap, pj_timer_entry *entry)
+{
+ mAuthManager->authTimeout(timer_heap, entry);
+}
+
pj_bool_t PJSipRegistrarModule::on_rx_request(pjsip_rx_data *rdata)
{
if (rdata->msg_info.msg->line.req.method.id != PJSIP_REGISTER_METHOD)
@@ -718,6 +785,11 @@ pj_bool_t PJSipRegistrarModule::on_rx_request(pjsip_rx_data *rdata)
// This should be nearly exactly the same as the session module's
// procedure. For now, leave this out since auth work has not been
// merged to master.
+
+ if (checkAuth(rdata, tsx, NonDialog))
+ {
+ return PJ_TRUE;
+ }
// We should attempt to determine at this point who the
// REGISTER is from and determine whether they have permission
@@ -818,5 +890,9 @@ RegistrarIPtr PJSipRegistrarModule::getRegistrar()
return mRegistrar;
}
+void PJSipRegistrarModule::createAuthManager(pjsip_endpoint *endpt)
+{
+ mAuthManager.reset(new AuthManager(endpt, lg));
+}
};
};
diff --git a/src/PJSipRegistrarModule.h b/src/PJSipRegistrarModule.h
index 82cc137..b86edf2 100644
--- a/src/PJSipRegistrarModule.h
+++ b/src/PJSipRegistrarModule.h
@@ -112,6 +112,7 @@ public:
pj_status_t on_tx_response(pjsip_tx_data *tdata);
void on_tsx_state(pjsip_transaction *tsx, pjsip_event *event);
RegistrarIPtr getRegistrar();
+ void authTimeout(pj_timer_heap_t *timer_heap, pj_timer_entry *entry);
/**
* Replicate state of bindings currently held by this registrar.
@@ -153,6 +154,12 @@ private:
BindingWrapperPtr createNewBinding(pjsip_contact_hdr *contact,
const std::string& callID, int cSeq, int expiration, const std::string& aor);
+ bool checkAuth(pjsip_rx_data *rdata,
+ pjsip_transaction *tsx,
+ AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
+
+ void createAuthManager(pjsip_endpoint *endpt);
+
pjsip_endpoint *mEndpoint;
RegistrarIPtr mRegistrar;
SipReplicationContextPtr mReplicationContext;
@@ -201,5 +208,7 @@ public:
const std::string mAOR;
};
+void registrarAuthTimeout(pj_timer_heap_t *timer_heap, struct pj_timer_entry *entry);
+
};
};
diff --git a/src/PJSipRegistrarModuleConstruction.cpp b/src/PJSipRegistrarModuleConstruction.cpp
index 42aebfe..a42e6ee 100644
--- a/src/PJSipRegistrarModuleConstruction.cpp
+++ b/src/PJSipRegistrarModuleConstruction.cpp
@@ -73,6 +73,11 @@ static void registrarOnTsxState(pjsip_transaction *tsx, pjsip_event *event)
return registrarModule->on_tsx_state(tsx, event);
}
+void registrarAuthTimeout(pj_timer_heap_t *timer_heap, struct pj_timer_entry *entry)
+{
+ return registrarModule->authTimeout(timer_heap, entry);
+}
+
PJSipRegistrarModule::PJSipRegistrarModule(
pjsip_endpoint *endpt,
const RegistrarListenerPrx& defaultListener,
@@ -98,6 +103,7 @@ PJSipRegistrarModule::PJSipRegistrarModule(
mModule.on_tsx_state = registrarOnTsxState;
pjsip_endpt_register_module(mEndpoint, &mModule);
+ createAuthManager(endpt);
}
};
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index 9504d47..7cb434f 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -388,7 +388,7 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
pjsip_inv_send_msg(inv, tdata);
- mAuthManager->scheduleAuthTimeout(authInstance);
+ mAuthManager->scheduleAuthTimeout(authInstance, sessionAuthTimeout);
return true;
}
}
-----------------------------------------------------------------------
--
asterisk-scf/integration/sip.git
More information about the asterisk-scf-commits
mailing list